Arbitrary Code Injection The advisory has been revoked - it doesn't affect any version of package kernel-rt-debug-kvm  (opens in a new tab)


Threat Intelligence

EPSS
0.17% (7th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CENTOS10-KERNELRTDEBUGKVM-17453802
  • published25 Jun 2026
  • disclosed24 Jun 2026

Introduced: 24 Jun 2026

NewCVE-2026-53095  (opens in a new tab)
CWE-94  (opens in a new tab)

Amendment

The Centos security team deemed this advisory irrelevant for Centos:10.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-rt-debug-kvm package and not the kernel-rt-debug-kvm package as distributed by Centos.

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix abuse of kprobe_write_ctx via freplace

uprobe programs are allowed to modify struct pt_regs.

Since the actual program type of uprobe is KPROBE, it can be abused to modify struct pt_regs via kprobe+freplace when the kprobe attaches to kernel functions.

For example,

SEC("?kprobe") int kprobe(struct pt_regs *regs) { return 0; }

SEC("?freplace") int freplace_kprobe(struct pt_regs *regs) { regs->di = 0; return 0; }

freplace_kprobe prog will attach to kprobe prog. kprobe prog will attach to a kernel function.

Without this patch, when the kernel function runs, its first arg will always be set as 0 via the freplace_kprobe prog.

To fix the abuse of kprobe_write_ctx=true via kprobe+freplace, disallow attaching freplace programs on kprobe programs with different kprobe_write_ctx values.